Readings in Intrusion Detection

    Survey

  1. Detecting Intruders in Computer Systems. T. Lunt. In Proceedings of the 1993 Conference on Auditing and Computer Technology. 1993.

  2. State of the Practice of Intrusion Detection Technologies. J. Allen, A. Christie, W. Fithen, J. McHugh, J. Pickel, and E. Stoner. CMU/SEI Technical Report CMU/SEI-99-TR-028. 1999.

  3. Research in Intrusion Detection Systems: A Survey. S. Axelsson. Technical Report. 1999.

  4. Artificial Intelligence and Intrusion Detection: Current and Future Directions. J. Frank. In Proceedings of the 17th National Computer Security Conference. 1994.

  5. An Introduction to Intrusion Detection. A. Sundaram. 1996.

  6. A Revised Taxonomy for Intrusion-Detection Systems. H. Debar, M. Dacier, and A. Wespi. IBM Research Report. 1999.

    General and Theoretical Background

  7. An Intrusion-Detection Model. D. Denning. IEEE Transactions on Software Engineering, 13(2), Feb. 1987.

  8. Statistical Foundations of Audit Trail Analysis for the Detection of Computer Misuse. P. Helman and G. Liepins. IEEE Transactions on Software Engineering, 19(9), September, 1993.

  9. The Base-Rate Fallacy and Its Implications for the Difficulty of Intrusion Detection. S. Axelsson. In Proceedings of the ACM Conference on Computer and Communication Security. November, 1999.

  10. Information-Theoretic Measures for Anomaly Detection. W. Lee and D. Xiang. In Proceedings of the 2001 IEEE Symposium on Security and Privacy. May, 2001.

  11. Benchmarking Anomaly-Based Detection Systems. R. Maxion and K. M. C. Tan. In Proceedings of the 1st International Conference on Dependable Systems & Networks. 2000.

    Detection Techniques

    Misuse Detection

  12. An Application of Pattern Matching in Intrusion Detection. S. Kumar and E. H. Spafford. Purdue University Technical Report CSD-TR-94-013. 1994.

  13. State Transition Analysis: A Rule-Based Intrusion Detection Approach. K. Ilgun, R. A. Kemmerer, and P. A. Porras. IEEE Transactions on Software Engineering, 21(3). March, 1995.

  14. Detecting Computer and Network Misuse Through the Production-Based Expert System Toolset (P-BEST). U. Lindqvist and P. A. Porras. In Proceedings of the 1999 IEEE Symposium on Research in Security and Privacy. 1999.

    Anomaly Detection

  15. The SRI IDES Statistical Anomaly Detector. H. S. Javitz and A. Valdes. In Proceedings of the IEEE Symposium on Research in Security and Privacy. 1991.

  16. A Sense of Self for Unix Processes. S. Forrest, S. A. Hofmeyr, A. Somayaji, and T. A. Longstaff. In Proceedings of the 1996 IEEE Symposium on Security and Privacy. 1996.

  17. Execution Monitoring of Security-Critical Programs in Distributed Systems: A Specification-based Approach. C. Ko, M. Ruschitzka, and K. Levitt. In Proceedings of the 1997 IEEE Symposium on Security and Privacy. 1997.

  18. Intrusion Detection via Static Analysis. D. Wagner and D. Dean. In Proceedings of the 2001 IEEE Symposium on Security and Privacy. 2001.

  19. A Fast Automaton-Based Method for Detecting Anomalous Program Behaviors. R. Sekar, M. Bendre, D. Dhurjati, and P. Bollineni. In Proceedings of the 2001 IEEE Symposium on Security and Privacy. 2001.

    Learning (or Data Mining) Based Approaches

  20. A Framework for Constructing Features and Models for Intrusion Detection Systems. W. Lee and S. J. Stolfo. ACM Transactions on Information and System Security, 3(4). 2000.

  21. Detecting Intrusion Using System Calls: Alternative Data Models. C. Warrender, S. Forrest, and B. Perlmutter. In Proceedings of the 1999 IEEE Symposium on Security and Privacy. 1999.

  22. Probabilistic Alert Correlation. A. Valdes and K. Skinner. In Proceedings of the 4th International Symposium on Recent Advances in Intrusion Detection (RAID 2001). 2001.

  23. Logic Induction of Valid Behavior Specifications for Intrusion Detection. C. Ko. In Proceedings of the 2000 IEEE Symposium on Security and Privacy. 2000.

  24. Temporal Sequence Learning and Data Reduction for Anomaly Detection. T. Lane and C. E. Brodley. ACM Transactions on Information and System Security, 2(3). August, 1999.

    Implementation (or Systems) Issues

  25. Network Intrusion Detection. B. Mukherjee, L. T. Heberlein, and K. N. Levitt. IEEE Network, May/June, 1994.

  26. Bro: A System for Detecting Network Intruders in Real-Time. V. Paxson. Computer Networks, 31(23-24). December, 1999.

  27. Insertion, Evasion, and Denial of Service: Eluding Network Intrusion Detection. T. H. Ptacek and T. N. Newsham. Technical Report. 1998.

  28. Network Intrusion Detection: Evasion, Traffic Normalization, and End-to-End Protocol Semantics. M. Handley and V. Paxson. In Proceedings of the 10th USENIX Security Symposium. August, 2001.

  29. Performance Adaptation in Real-Time Intrusion Detection Systems. W. Lee, J. B. D. Cabrera, A. Thomas, N. Balwalli, S. Saluja, and Y. Zhang. In Proceedings of the 5th International Symposium on Recent Advances in Intrusion Detection (RAID 2002), Zurich, Switzerland. October, 2002.

  30. Using Embedded Sensors for Detecting Network Attacks. F. Kerschbaum, E. H. Spafford, and D. Zamboni. Purdue University Technical Report. 2000.

  31. Live Traffic Analysis of TCP/IP Gateways. P. A. Porras and A. Valdes. In Proceedings of the Internet Society Symposium on Network and Distributed System Security (NDSS). 1998.

  32. EMERALD: Event Monitoring Enabling Responses to Anomalous Live Disturbances. P. A. Porras and P. G. Neumann. In Proceedings of the National Information Systems Security Conference. 1997.

  33. An Architecture for Intrusion Detection Using Autonomous Agents. J. S. Balasubramaniyan, J. O. Garcia-Fernandez, D. Isacoff, E. H. Spafford, and D. Zamboni. Purdue University Technical Report. 1998.

  34. The Design of GrIDS: A Graph-Based Intrusion Detection System. S. Cheung, R. Crawford, M. Dilger, J. Frank, J. Hoagland, K. Levitt, J. Rowe, S. Staniford, R. Yip, D. Zerkle. UC Davis Technical Report CSE-99-2. 1999.

  35. Toward Cost-Sensitive Modeling for Intrusion Detection and Response. W. Lee, W. Fan, M. Miller, S. Stolfo, and E. Zadok. Journal of Computer Security 10(1,2), 2002.

  36. Experiences with Tripwire: Using Integrity Checkers for Intrusion Detection. G. H. Kim and E. H. Spafford. In USENIX Systems Administration, Networking and Security Conference III. 1994.

    Alert Analysis and Correlation

  37. Information Modeling for Intrusion Report Aggregation. R. P. Goldman, W. Heimerdinger, S. A. Harp, C. W. Geib, V. Thomas, and R. L. Carter. In Proceedings of the DARPA Information Survivability Conference and Exposition (DISCEX II). 2001.

  38. Probabilistic Alert Correlation. A. Valdes and K. Skinner. In Proceedings of the 4th International Symposium on Recent Advances in Intrusion Detection (RAID 2001). 2001.

  39. A Mission-Impact-Based Approach to INFOSEC Alarm Correlation. P. A. Porras, M. W. Fong, A. Valdes. In Proceedings of the 5th International Symposium on Recent Advances in Intrusion Detection (RAID). 2002.

  40. Aggregation and Correlation of Intrusion-Detection Alerts. H. Debar and A. Wespi. In Proceedings of the 4th International Symposium on Recent Advances in Intrusion Detection (RAID). 2001.

    Evaluation (or Testing) Issues

  41. A Methodology for Testing Intrusion Detection Systems. N. J. Puketza, K. Zhang, M. Chung, B. Mukherjee, and R. A. Olsson. IEEE Transactions on Software Engineering, 22(10). October, 1996.

  42. Evaluating Intrusion Detection Systems: The 1998 DARPA Off-line Intrusion Detection Evaluation. R. P. Lippmann, D. J. Fried, I. Graf, J. W. Haines, K. P. Kendall, D. McClung, D. Weber, S. E. Webster, D. Wyschogrod, R. K. Cunningham, and M. A. Zissman. In Proceedings of the 2000 DARPA Information Survivability Conference and Exposition (DISCEX). 2000.

  43. The 1999 DARPA Off-line Intrusion Detection Evaluation. R. P. Lippmann, J. W. Haines, D. J. Fried, J. Korba, and K. Das. MIT Lincoln Lab Technical Report. 2000.

  44. Testing Intrusion Detection Systems: A Critique of the 1998 and 1999 DARPA Off-line Intrusion Detection System Evaluation as Performed by Lincoln Laboratory. J. McHugh. ACM Transactions on Information and System Security, 3(4). November, 2000.

  45. A Database of Computer Attacks for the Evaluation of Intrusion Detection Systems. K. Kendall. Master's Thesis. MIT. 1999.

  46. Attack Development for Intrusion Detection Evaluation. K. Das. B.S. Thesis. MIT. 2000.